[LinuxBender]

I am OK with this as well. If you put up a script on github and email an org, asking for help debugging and your script drops an ssh key, then daemonize a reverse tunnel running as that user to a VM you control, then I would blame companies and the maintainers of ssh for allowing this to work. If their board members are unaware of the risk, then shame on any human layers that hid these capabilities or were too inept to fix it. It is their fiduciary responsibility to their investors to take security and privacy seriously to protect their investments. Companies that are cavalier in this regard need not survive.